[strongSwan] FreeBSD endpoints issue

Tobias Brunner tobias at strongswan.org
Tue Feb 23 13:14:11 CET 2021


> I have just a last small issue I can deal with. The source IP used is
> the first one defined on internal interface, and not the one matching
> the local_ts.

As I mentioned, we can't control this on FreeBSD (no preferred source
address can be listed in the routes), it's basically up to the system
which IP address it selects.  If it's not the right one and you can't
get the system to change its behavior, you have to either include that
IP in the traffic selectors (or negotiate a separate CHILD_SA if the
peer doesn't support multiple traffic selectors) or maybe NAT traffic to
the right IP (not sure if FreeBSD supports this sort of thing).
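
The two traffic-selector options from the reply above, written as a swanctl.conf fragment. This is an added example, not configuration from the thread: the connection and child names, the peer address and all subnets are constructed placeholders, and it assumes the system picks 172.16.0.1 as the source address while the tunnel was negotiated for 10.1.0.0/24. Authentication and proposal settings are left out.

```conf
# Constructed values: 10.1.0.0/24 is the local subnet the tunnel was meant
# for, 172.16.0.1 is the first address on the internal interface (the one
# the system actually uses as source), 10.2.0.0/24 is the remote subnet.
# Use ONE of the two connections below, not both.

connections {

    # Option 1: one CHILD_SA, source IP added as a second local selector.
    # Needs a peer that accepts multiple traffic selectors per CHILD_SA.
    gw-multi-ts {
        remote_addrs = 192.0.2.1
        children {
            net {
                local_ts  = 10.1.0.0/24, 172.16.0.1/32
                remote_ts = 10.2.0.0/24
            }
        }
    }

    # Option 2: peer handles only one selector pair per CHILD_SA,
    # so the source IP gets its own CHILD_SA.
    gw-split {
        remote_addrs = 192.0.2.1
        children {
            net {
                local_ts  = 10.1.0.0/24
                remote_ts = 10.2.0.0/24
            }
            net-src {
                local_ts  = 172.16.0.1/32
                remote_ts = 10.2.0.0/24
            }
        }
    }
}
```

In both cases the peer's own configuration has to allow 172.16.0.1/32 as a remote selector, otherwise the selector is narrowed away or the CHILD_SA is rejected.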


